From nobody Fri Jan 12 18:20:34 2024 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TBVFy2w2Lz57J95 for ; Fri, 12 Jan 2024 18:20:38 +0000 (UTC) (envelope-from dereks@lifeofadishwasher.com) Received: from mail-qv1-xf30.google.com (mail-qv1-xf30.google.com [IPv6:2607:f8b0:4864:20::f30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TBVFy1DVMz4tN8 for ; Fri, 12 Jan 2024 18:20:38 +0000 (UTC) (envelope-from dereks@lifeofadishwasher.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-qv1-xf30.google.com with SMTP id 6a1803df08f44-680496bc3aaso36371146d6.0 for ; Fri, 12 Jan 2024 10:20:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifeofadishwasher.com; s=google; t=1705083637; x=1705688437; darn=freebsd.org; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:from:to:cc :subject:date:message-id:reply-to; bh=I5oH1vQ2f/c8jPaSTSbvsUTUagz6ER3JXUDrJVsWBYg=; b=JujHoWJ1QWabvNvJyO3IoDHec0eJu2hkf5cIqHYi0LtsyEtdDM4Hj7ACX1nGZJNLdI zcrVhpY+YTmEzf0NPn0ACtzW0DAqJ28q0sLUfz97TCM1vbyWcoswemvgRLU3K8udvywQ Eml7/t/cyiFEcwgiLZ4O0xeyUco1P1zwCYqwQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705083637; x=1705688437; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=I5oH1vQ2f/c8jPaSTSbvsUTUagz6ER3JXUDrJVsWBYg=; b=l0XLTlzzm1AnMQtJWQjXDuLOh7hrNP6S3nHO2kBR7jmVKLRW3fwOEiZDd+npESVLaF 1H8GwftRbROEvhDejQJYXGXE0XveRLYw4KcKmVTobR40WACzjoEp3JBtNsmK4NDqaijF FiNjN+9/WbDKwvj4YLvIPr9+S68KBGjr6Uuy70hQTmKq81a6vWN1tWCoDfgXBF7LG81w AABryH0qenfN/+lD9vL5vO908TtdEw6agYm+PlHf8yRGm7dpPMViobIUAxXyHTyGSnfH +w8daPXSmqAP0MuGBnEjpFAMm9zHGJhOVr/IA8OXHgaofuzvnt0KQKz1EpAPDtdxIpkm EBKg== X-Gm-Message-State: AOJu0YxQ915X16FcaYI4mz+R11pQabsA7WO+0c+qyVgumEpL8tHR8ISy E7linpc0D4nzmBfVk7fEvYngMZdLhrsf X-Google-Smtp-Source: AGHT+IHxBDRO4q8JiKuizMlM35kA8xKbiuD4EnRdF3F3zc6ICuJuGmPAvnqVWdM0vyPWjgy7Wws/TQ== X-Received: by 2002:a05:6214:dcf:b0:681:a36:724e with SMTP id 15-20020a0562140dcf00b006810a36724emr1554262qvt.97.1705083637160; Fri, 12 Jan 2024 10:20:37 -0800 (PST) Received: from lifeofadishwasher.com ([2601:547:1900:3230:81f9:2dee:f49d:b0ab]) by smtp.gmail.com with ESMTPSA id p9-20020a0ccb89000000b00680f873ac7esm531159qvk.52.2024.01.12.10.20.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Jan 2024 10:20:36 -0800 (PST) Received: by lifeofadishwasher.com (sSMTP sendmail emulation); Fri, 12 Jan 2024 13:20:34 -0500 Date: Fri, 12 Jan 2024 13:20:34 -0500 From: Derek Schrock To: Craig Leres Cc: freebsd-hackers@freebsd.org Subject: Re: poudriere 3.4.0 regression: -i runs as NON_ROOT user Message-ID: Mail-Followup-To: Craig Leres , freebsd-hackers@freebsd.org References: List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4TBVFy1DVMz4tN8 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] On Thu, Jan 11, 2024 at 07:33:25PM EST, Craig Leres wrote: > I posted an issue on the poudriere github a few weeks ago but have not > gotten any feedback so let me ask the question here; is it now expected that > "poudriere -i" is supposed to run as a non-root user when normal poudriere > bulk builds run as root? > > Here's the github issue: > > https://github.com/freebsd/poudriere/issues/1100 > > The appended is the way I have debugged ports ever since I first learned how > to use poudriere 7 years ago. Now I have to take the additional step of > using jexec to get a root shell in the jail otherwise bsd.port.mk thinks UID > = 0 and tries to chown/chmod things which doesn't work when it's actually > running as nobody... > > Craig > > zinc 1 # poudriere bulk -i -j 13release -p current ports-mgmt/pkg > nobody@zinc:/usr/ports/ports-mgmt/pkg % ps ut > USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND > root 13864 0.0 0.0 13680 2964 1 SJ 21:39 0:00.00 login [pam] > (login) > root 13865 0.0 0.0 13656 2972 1 SJ 21:39 0:00.01 su -m nobody -c > csh > nobody 13869 0.0 0.0 13936 3196 1 SJ 21:39 0:00.00 _su -m -c csh > (csh) > nobody 13871 0.0 0.0 13936 3836 1 SJ 21:39 0:00.01 csh > nobody 14094 0.0 0.0 13444 2852 1 R+J 21:39 0:00.00 ps ut > nobody@zinc:/usr/ports/ports-mgmt/pkg % > You can `su -l` as nobody in the jail to get to root too. Still extra but I do believe it is executed that interactive is started as non-root when building as non-root.